December 20, 2020


Being an educator at the post-secondary level can be challenging, especially with so many choices for content that should be included in a cybersecurity program. This helpful guide for two-year program professors can assist in the creation of both career and transfer curriculum, as well as certificate credentials, while complying with government supported frameworks.


Offering guidance for a broad variety of cybersecurity programs at the post-secondary level, Cybersecurity Curricula 2017 (CSEC2017): Curriculum Guidelines for Post-Secondary Degree Programs in Cybersecurity was the first effort at comprehensive cybersecurity curriculum guidelines. Using CSEC2017 as a starting point, the ACM Committee for Computing Education in Community Colleges (CCECC) has led creation of a similar set of guidelines for cybersecurity programs at the associate-degree level, called Cyber2yr2020 or Cyber2yr, formerly known as CSEC2Y. These guidelines specifically target two-year programs at community and technical colleges. Cyber2yr2020 focuses on curriculum guidelines for cybersecurity programs, including both transfer (A.S.) and career- oriented programs (A.A.S.) at the associate-degree level. The Cyber2yr2020 task force consisted of 10 members from community colleges across the United States, with an advisory group of individuals from industry, government, and four-year institutions. Two curriculum guide drafts were available for public commenting, and were presented in the United States as well as internationally in an attempt to gain as much feedback as possible to ensure a fully inclusive curriculum guide.

The curriculum guide focuses on student competencies. To ensure a breadth of knowledge, eight domains are included within the guidelines. These domains are data security, software security, component security, connection security, system security, human security, organizational security, and societal security. In addition to the eight domains, cross-cutting concepts are throughout the domains, including confidentiality, integrity, availability, risk, adversarial thinking, and systems thinking. Inclusion of these cross- cutting concepts will assist students in making connections between the domains and reinforce a security mindset conveyed throughout the cybersecurity curriculum. The competencies have been prepared with Bloom’s Revised Taxonomy and align with national cybersecurity frameworks such as NICE, CAE, and ABET. Sample rubrics and program examples of use are also included within the Cyber2yr2020 curriculum guidelines.


Benefits of using Cyber2yr2020 include:

  • Conducting program reviews to update and create curriculum in cybersecurity. These guidelines can assist in the creation of both career and transfer curriculum, as well as certificate credentials
  • Facilitating programs and course articulation. Two-year cybersecurity programs can use these guidelines to establish conversations with four-year institutions that have similar cybersecurity programs. Since the cybersecurity competencies and learning outcomes were used by ABET to develop criteria for two-year cybersecurity programs, two-year and four-year institutions can benefit from program-specific criteria provided in this document
  • Complying with government-sponsored frameworks: The ACM CCECC cybersecurity competencies align to the NIST National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, as well as to the Centers of Academic Excellence – 2019 Foundational Core and Technical Core Knowledge Units
  • Interacting with local advisory boards: The guidelines’ competencies provide a framework for discussion of cybersecurity competencies, courses, certificates, and degrees, permitting a program’s advisory board to review competencies and learning outcomes with local needs in mind


Cara Tang: